package com.bookm.bookm.config;

import cn.hutool.crypto.digest.MD5;
import cn.hutool.json.JSON;
import cn.hutool.json.JSONUtil;
import cn.hutool.setting.dialect.Props;
import com.bookm.bookm.entity.Reader;
import com.bookm.bookm.entity.Result;
import com.bookm.bookm.service.ReaderService;
import com.bookm.bookm.service.impl.ReaderServiceImpl;
import com.bookm.bookm.utils.ResultUtil;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.*;

public class PermissionFilter implements Filter {
    private ReaderService service = new ReaderServiceImpl();
    private String[] admin_urls = new String[]{""};
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        String method = request.getMethod();
//        if("GET".equals(method)){
//
//        } else if("POST".equals(method)){
//
//        } else {
//            System.out.println("不支持的请求"+method);
//        }

        Props props = new Props("application.properties");
        String urls = props.getStr("permission.admin_url");
        String[] urls_arr = urls.split(",");
        Collection<String[]> values = request.getParameterMap().values();
        String queryString = "";
        for (String[] value : values) {
            queryString += value[0] + ",";
        }
        List<String> vals = Arrays.asList(queryString.split(","));
        String matchValue = request.getHttpServletMapping().getMatchValue();
        boolean isNeedPermission = false;
        if (Arrays.asList(urls_arr).contains(matchValue)) {
            // 检测到检测到 admin 请求，验证是否具有admin权限
            isNeedPermission = true;
        } else {
            for (String s : urls_arr) {
                if (vals.contains(s)) {
                    // 检测到 admin 请求，验证是否具有admin权限
                    isNeedPermission = true;
                }
            }
        }
        if (isNeedPermission) {
            String uid = request.getParameter("uid");
            String usr = request.getParameter("usr");
            if (uid == null || usr == null) {
                response.getWriter().print(ResultUtil.no_role());
                // 无权访问
            } else {
                // 验证数据是否被非法篡改
                Result usr1 = service.getUsr(usr);
                if (usr1.getCode() == 10001) {
                    Reader reader = JSONUtil.toBean(usr1.getData().toString(), Reader.class);
                    String md5_val = MD5.create().digestHex(usr + reader.getPhone());
                    System.out.println(md5_val);
                    if (md5_val.equals(uid)) {
                        // 根据自定义的规则判断是否有权限
                        if (isNeedPermission) {
                            if (reader.getRoles().contains("admin")) {
                                filterChain.doFilter(request, response);
                            } else {
                                response.getWriter().print(ResultUtil.no_role());
                            }
                        } else {
                            filterChain.doFilter(request, response);
                        }
                    } else {
                        response.getWriter().print(ResultUtil.no_role());
                    }
                } else {
                    // 无此用户 无权访问
                    response.getWriter().print(ResultUtil.no_role());
                }
            }
        } else {
            filterChain.doFilter(request, response);
        }
    }
}
